package com.bzyd.ss.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class TestController {

    /**
     * 必须有管理员或者访客角色才能访问
     * 相当于 antMatchers("/all/read").hasAnyRole("管理员","访客")
     *
     * @Secured - 校验登录用户是否用需要的角色
     *  属性 value ：String[]类型，相当于hasAnyRole
     *  PS：此注解不能自动追加角色表示前缀，必须由手动加上 “ROLE_”
     */
    @Secured({"ROLE_管理员","ROLE_访客"})
    @RequestMapping("/all/read")
    public String allRead(){
        return "all read";
    }

    /**
     * 必须是管理员角色才能访问
     * 相当于 antMatchers("/admin/read").hasRole("管理员")
     */
    @Secured({"ROLE_管理员"})
    @RequestMapping("/admin/read")
    public String adminRead(){
        return "admin read";
    }

    /**
     * 必须是访客角色才能访问
     * 相当于 antMarchers("/guest/read").hasRole("访客")
     */
    @Secured({"ROLE_访客"})
    @RequestMapping("/guest/read")
    public String guestRead(){
        return "guest read";
    }

    /**
     * @PreAuthorize - 方法执行前校验权限是否满足，
     *   属性 value - 字符串，提供 access 方法动态表达式，如：hasRole('ROLE_xxx') hasAuthority('xxx')
     * @PostAuthorize - 方法结束后校验权限是否满足，很少使用
     */
    @PreAuthorize("hasAnyAuthority('admin:write','guest:write')")
    @RequestMapping("/all/write")
    public String allWrite(){
        return "all write";
    }

    @PreAuthorize("hasAuthority('admin:write')")
    @RequestMapping("/admin/write")
    public String adminWrite(){
        return "admin write";
    }

    @RequestMapping("/guest/write")
    public String guestWrite(){
        return "guest write";
    }

    @RequestMapping("/user/delete")
    public String userDelete(){
        return "user delete";
    }

    @RequestMapping("/order/create")
    public String orderCreate(){
        return "order create";
    }


}
